Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

LAN & WAN How To

VLAN Best Practices

These are some general guidelines in creating VLANs. A VLAN creates a boundary between devices, so the goal is to plan the boundaries that will improve network functionality and security.

  1. Grouping devices by traffic patterns - Devices that communicate extensively between each other are good candidates to be grouped into a common VLAN.
  2. Grouping devices for security - It is often a good practice to put servers and key infrastructure in their own VLAN, isolating them from the general broadcast traffic and enabling greater protection.
  3. Grouping devices by traffic types - As discussed in this How To, VoIP quality is improved by isolating VoIP devices to their own VLAN. Other traffic types may also warrant their own VLAN. Traffic types include network management traffic, IP multicast traffic such as video, file and print services, email, Internet browsing, database access, shared network applications, and traffic generated by peer-to-peer applications.
  4. Grouping devices geographically - In a network with limited trunking, it may be beneficial to combine the devices in each location into their own VLAN.

More VLAN Technologies

In this How To, I've configured static VLANs. A static VLAN is created by assigning switch ports to specific VLAN numbers. Some switches may support dynamic VLANs, which are created by assigning MAC addresses to VLAN numbers. Dynamic VLANs are a less common way to configure VLANs and are more resource intensive to build and maintain. But they do enable mobility of devices while retaining VLAN boundaries.

As discussed, I didn't use VLAN Trunking in this example. If I had multiple VLAN-aware switches, I would likely have employed Trunking to enable distributed VLAN configurations.

The standard protocol for VLAN Tagging is 802.1Q, sometimes referred to as Dot1Q. If you're selecting a VLAN capable device, you'll want to ensure this protocol is supported for interoperability, especially if you're going to use it in VLAN trunking applications. The ability to change a port's PVID usually comes along with 802.1Q capability.

Conclusion

The Linksys SRW2008 is a nice switch for creating VLANs on your small network. Each of its eight ports support gigabit Ethernet, so it could serve as a central switch connected to multiple other switches. You could use less-expensive unmanaged switches to group devices, and connect each unmanaged switch to a port on the SRW, using the SRW's VLAN capability to break up the broadcast domains and maximize available bandwidth.

However, pretty much any managed or "smart" switch supports port-based VLANs, which is sufficient to implement the example in this article. Use the Gigabit Smart Switch Feature Comparison Table to explore other VLAN-capable products. Note, however, that the TrendNet TEG-160WS can't be used because it doesn't allow you to change port PVIDs.

A final plus to using VLANs is network design. VLANs enable segmentation and grouping, which are recognized elements of good network design. Good design makes network growth and maintenance easier. Being able to eliminate all the devices in one VLAN as a possible cause of a problem in the other VLAN is a helpful and immediate benefit of having VLANs in your network.

With the right equipment and good planning, implementing a VLAN is straightforward. Take your time and follow these steps, and you'll be rewarded with more bandwidth, increased security, and a better-designed network.

More LAN & WAN

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

Hello, I recently moved into a new house and had the internet set up by Cox. I would like to extend wired internet to the upstairs rooms but don't wan...
RT AC68WFW Merlin 384.13I have a 4TB drive. I've partitioned it so the first partition is 500GB and the second partition is 3.5TB. The labels for each...
I'm running 384.13 on an 86U. On enabling the Openvpn server I get the following message next to the Export OpenVPN Configuration File on the GUI."Ini...
I have a couple of RT-AC68Us (orig T-Mo CellSpots) which are running Merlin 384.13. Couple of months ago I OC'ed them to 1000,800. I now find that the...
Hi,I have an Asus AC-RT68R running Merlin FW 384.13 and I noticed a strange issue with a wired security camera I just installed. It is showing up in t...

Don't Miss These

  • 1
  • 2
  • 3